Firewall: configuring a server firewall

Denis Pochtarenko
June 17, 2020

Configuring a virtual server firewall in the control panel.

What is this?

You can use a firewall to manage server access and network data packets directly from the control panel. This option is included in the server cost and is not billed separately.

Currently, the limit is 50 rules; if you need more, please submit a request to technical support.

Network architecture

To avoid firewall rule conflicts and configure a firewall correctly, you need to understand the order in which the existing firewalls operate. First, you can configure a firewall for a private network. Second, you can configure a firewall for a server via the control panel. Third, you can configure an internal firewall via iptables in Linux or use the built-in Windows firewall.

Incoming packets first reach the network-level firewall (if one exists). Once packets have passed it, the server-level firewall comes into play, and finally the internal software firewall is applied. For outgoing packets, the reverse sequence applies.

Avoid using a server-level firewall and an internal software firewall simultaneously.

Rule creation

To configure a firewall for any VPS, go to the Firewall section in the server settings.

Important notice:

— Rule order is essential: the lower a rule's sequence number, the higher its priority. You can reorder rules by dragging and dropping them in the list.
— By default, all incoming and outgoing data packets are allowed.

To create a rule, click Add:

The Add Rule window will open. Fill in the following fields:

  • Name: a meaningful (mnemonic) name (max. 50 characters) usually describing the rule purpose;
  • Direction: direction of packets governed by the rule; can be either Incoming or Outgoing. Incoming means that the rule is applied to incoming data packets, and Outgoing means that it is applied to outgoing data packets;
  • Source/Destination: depending on the direction, contains either the server IP address or one of the following values: IP address, CIDR, IP address range, or any;
  • SourcePort/DestinationPort: when TCP, UDP, or TCP and UDP is selected, you may specify a port, port range, or Any;
  • Action: action to be performed; it can be either Allow or Deny. Allow permits data packet transmission, while Deny prohibits it;
  • Protocol: protocol type (ANY, TCP, UDP, TCP and UDP, and ICMP).

To create a rule, click Save.

In our example, the rule blocks all packets coming to a server:

To apply the rule, click Save. You can create several rules and save them all at once:

The page will then look as follows:

Rule priority

The lower a rule's sequence number, the higher its priority. For example, after you have created a rule to deny all incoming traffic, create a rule to allow incoming TCP packets on port 80. After you save the configuration changes, this port will remain inaccessible because the denying rule has a higher priority than the allowing one:

To change rule priority, drag the allowing rule to the first place and save changes:

After saving, the rules' sequence numbers will change, and with them their priorities:

In this configuration, the firewall will allow TCP packets on port 80 and block all other packets.
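
The priority behaviour described above can be checked offline before saving a rule set. The following is an added example, not code from the control panel or its vendor: it assumes rules are evaluated top to bottom with the first match deciding, covers IPv4 with TCP and UDP only, and all names in it (Rule, evaluate, shadowed and the sample rules) are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"

@dataclass
class Rule:
    name: str
    direction: str        # "incoming" or "outgoing"
    action: str           # "allow" or "deny"
    protocol: str = ANY   # "any", "tcp" or "udp"
    remote: str = ANY     # Source (incoming) / Destination (outgoing): "any", IP or CIDR
    port: object = ANY    # "any", a single port, or a (low, high) range

def _ports(port):
    if port == ANY:
        return (0, 65535)
    return (port, port) if isinstance(port, int) else port

def _net(addr):
    return ipaddress.ip_network("0.0.0.0/0" if addr == ANY else addr, strict=False)

def matches(rule, direction, protocol, remote_ip, port):
    lo, hi = _ports(rule.port)
    return (rule.direction == direction and rule.protocol in (ANY, protocol)
            and ipaddress.ip_address(remote_ip) in _net(rule.remote)
            and lo <= port <= hi)

def evaluate(rules, direction, protocol, remote_ip, port):
    # Assumption: rules are checked top to bottom and the first match decides.
    for rule in rules:
        if matches(rule, direction, protocol, remote_ip, port):
            return rule.action
    return "allow"  # panel default per the page: everything is allowed

def covers(earlier, later):
    # True if every packet `later` matches is already matched by `earlier`.
    (elo, ehi), (llo, lhi) = _ports(earlier.port), _ports(later.port)
    return (earlier.direction == later.direction
            and earlier.protocol in (ANY, later.protocol)
            and _net(later.remote).subnet_of(_net(earlier.remote))
            and elo <= llo and lhi <= ehi)

def shadowed(rules):
    # Names of rules that can never fire because a higher-priority rule covers them.
    return [r.name for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

# Constructed sample rules mirroring the page's example.
DENY_ALL = Rule("deny-all-in", "incoming", "deny")
ALLOW_HTTP = Rule("allow-http", "incoming", "allow", protocol="tcp", port=80)
```

With the deny rule first, shadowed() reports the port 80 rule as unreachable; after reordering, nothing is shadowed and only TCP port 80 is allowed in.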
